$220M in Bitcoin May Be Encrypted Forever on IronKey – CipherTrace

$220M in Bitcoin May Be Encrypted Forever on IronKey

Stefan Thomas is two failed password attempts away from losing the private keys to $220 million worth of bitcoinThe term “Bitcoin” can either refer to Bitcoin the network, … More forever. This is because Thomas holds the private keys to his bitcoin walletA Bitcoin wallet is a physical device or software program th… More in an IronKey. “The World’s Most Secure Flash Drive” would rather die than give up its secrets, thanks to a series of built-in protections. IronKey was funded by the US Department of Homeland Security in 2006 and co-founded by Dave Jevans, CEO of CipherTrace. 

Jevans is helping with the investigation to recover Thomas’s private keys, an endeavor made challenging by the highly attack-resistant IronKey that Jevans and his team designed to protect crypto keys. 

On Tuesday, Jevans commented on Thomas’s situation in a Twitter conversation with Alex Stamos, former CISO at Facebook.  

The full thread was found here https://twitter.com/alexstamos/status/1348999178702057476 but is no longer available.

An archive has been transcribed below.

Alex Stamos @alexstamos

6:24 AM · Jan 12, 2021

 

Um, for $220M in locked-up Bitcoin, you don’t make 10 password guesses but take it to professionals to buy 20 IronKeys and spend six months finding a side-channel or uncapping.

I’ll make it happen for 10%. Call me.

“Stefan Thomas, a German-born programmer living in San Francisco, has two guesses left to figure out a password that is worth, as of this week, about $220 million.

The password will let him unlock a small hard drive, known as an IronKey, which contains the private keys to a digital walletA wallet is a device (a hardware device, a program, or servi… More that holds 7,002 Bitcoin. While the price of Bitcoin dropped sharply on Monday, it is still up more than 50 percent from just a month ago, when it passed its previous all-time high of around $20,000.

The problem is that Mr. Thomas years ago lost the paper where he wrote down the password for his IronKey, which gives users 10 guesses before it seizes up and encrypts its contents forever. He has since tried eight of his most commonly used password formulations — to no avail.

“I would just lay in bed and think about it,” Mr. Thomas said. “Then I would go to the computer with some new strategy, and it wouldn’t work, and I would be desperate again.”

Alex Stamos @alexstamos

Replying to @alexstamos

 

We’re not talking about some NSA-built crypto processor installed on an SSBN, but an old $50 piece of consumer kit. There is no way it’s hardened against the last ten years of USENIX papers that have never been used in practice.

Dave Jevans @davejevans

Replying to  @alexstamos

I was co-founder and CEO of IronKey.  We had numerous conversations with the NSA during the development of the products.  If the person is using the first generation of IronKey before we sold the company to Imation, it will be very challenging.  /1

Jex @in3dye

What was NSA’s purpose in helping you?

Dave Jevans @davejevans

Replying to  @in3dye and  @alexstamos

 

Once they determined that there were no back doors, they wanted to make it as secure as possible for classified use.  For example, they didn’t just want AES key destruction, they advised on NAND flash wipe techniques that we implemented in hardware.

Dave Jevans @davejevans

Replying to  @alexstamos

 

The password counter and encrypted AES keys are stored on an Atmel AT98 processor.  Uncapping is challenging as there is a randomized protection layer over the chip meaning access to the internal circuitry is likely to kill the chip.  https://dtsheet.com/doc/232348/atmel-at98sc008ct  /2

Dave Jevans @davejevans

Replying to  @alexstamos

IronKey/Atmel security features include voltage, frequency and temperature detectors, illegal code execution prevention, tampering monitors and protection against side channel attacks and probing. The chips can detect tampering attempts and destroy sensitive data on such events /3

Dave Jevans @davejevans

Replying to  @alexstamos

 

We went to Fly Labs and uncapped and looked at our IronKey security chips with a FIB during development.  It will be extremely hard to attack.  If you can turn off the password counter, that is your best bet.  Maybe extract the encrypted AES key.  Both are highly unlikely.  /4

Alex Stamos @alexstamos

 

I’m sure you guys did a great job (I think iSEC did some validation for you at one point) but it’s not a reasonable threat model to expect consumer hardware to hold up after a decade and against millions of dollars in directed research.

Dave Jevans @davejevans

Replying to  @alexstamos

 

It would be cool to find if anyone has reliably been able to attack the AT98SC family of smart cards without it resetting.  By reliable I mean attacking one device, with a high success chance, rather than being successful 1% of the time.

Garrett SerackCowboy hat face @fearthecowboy

Replying to @alexstamos

 

Wasn’t there a case similar to this a few months back where someone had bitcoin on some piece of crap crypto disk?

IIRC someone came out and found that the firmware that was on it could be downgraded to one that was vulnerable, and went thru and they got it unlocked.

Dave Jevans @davejevans

Replying to  @fearthecowboy and  @alexstamos

 

You cannot downgrade the firmware on the original IronKey devices.  It is checked in hardware and must be signed by physical keys on an HSM at IronKey (now Imation).  This is not a Trezor with software firmware checks.  It’s done in custom hardware. We spent over $10M in chip R&D

Brent Mueller @Patchemup1

Replying to @alexstamos and @hacks4pancakes

 

I’m betting that counter to 10 at the very least can be reset or severed from the kill switch. At least with the amount of resources that much money could buy.

Dave Jevans @davejevans

 

Yes.  But see my comments on the protective mesh, side channel attack prevention, etc on the key management chip that we used in building IronKey devices.  You have one chance to disable the physical mesh, and it is randomized per device.

iver_Tam @RiverTamYDN

 

I feel like he could afford to pay Kingston enough money to update the firmware of IronKey to a version that gives him unlimited decrypt attempts

Dave Jevans @davejevans

 

If it is an original version of IronKey, then there is no way to update the firmware on the smart card which holds the encrypted AES key and password counter.  Needs physical attack, which the chip has many protections against.

Josh @JDG_1980

 

Any chance the IronKey could be decapped and the password deciphered with an electron microscope?

Dave Jevans @davejevans

 

During development at IronKey we did decap the smart card and played with a FIB.  The card has many physical protections against reading memory, including UV detection, randomized hardware mesh, side channel attack detection, etc.  They reset easily.

Dan Kaminsky @dakami

 

If it’s helpful,  @justmoon, Alex’s offer is absolutely credible.

 Dave Jevans @davejevans

Replying to  @dakami, @lacker  and 2 others

 

As co-founder and former CEO of IronKey I’ll give you what help I can.  You need to crack the Atmel AT98 (assuming this is the IronKey that we developed before Imation bought our company).

Hardware Wallets, IronKeys, and Unbreakable Security

Hardware wallet companies need to elevate their security posture and seek the external certification of their encryption. Unlike hardware wallets, IronKeys continue to be tamper-proof more than a decade after their initial release. The National Institute of Standards and Technology (NIST) issues the Federal Information Protection 140 Series to coordinate the requirements and standards for cryptographic modules which include both hardware and software components for use by departments and agencies of the United States federal government.  

  • FIPS 140-2 Level 1 the lowest, imposes very limited requirements; loosely, all components must be “production-grade” and various egregious kinds of insecurity must be absent. 

  • FIPS 140-2 Level 2 adds requirements for physical tamper-evidence and role-based authentication. 

  • FIPS 140-2 Level 3 adds requirements for physical tamper-resistance. 

In 2011, IronKey was by far “World’s Most Secure Flash Drive” because it was the only mobile encryption device to be certified FIPS 140-2 Level 3, tamper-resistance. Zero hardware wallet vendors have yet to certify their software at even FIPS 140-2 Level 1. While some Trezor wallets have chipsets from Super Micro, ST31 and STM32, which are separately EAL validated, the Trezor wallet itself is not certified. 

Implications for Hardware Wallets 

Historically, hardware wallets have never been very secure. In 2018, Ledger hardware wallets were compromised by a 15-year-old researcher, Rashid Saleem, using very small amounts of code. Saleem installed a backdoor on a Ledger Nano S that caused the device to generate pre-determined recovery passwords. An attacker could enter those passwords into a new Ledger hardware wallet to recover the private keys of the backdoored device. Rashid was also able to exploit a Trezor wallet flaw a year prior. https://ciphertrace.com/ledger-bitcoin-wallet-hacked/ 

The Ledger data breach of 2020 exposed the email addresses and other PII of over 270,000 users, resulting in many of Ledger’s customers falling victim to phishing and ransomwareA type of malicious program that is designed to encrypt a sy… More attacks that included threats of violence. While the hack didn’t directly threaten any customer funds, their reputation within the industry has been compromised, leading many to question the future of hardware wallet security. Perhaps these hardware companies would be wise to revisit IronKey’s contributions to crypto security. In the spirit of decentralization, the onus remains on the user to secure their private keys so that they do not end up in Thomas’s unfortunate situation with hundreds of millions of dollars inaccessible.